Posted in CJEU, personal data, privacy
CJEU is Asked: Are Dynamic IP Addresses Personal Data?
BGH just issued a press release informing that it filed a preliminary reference to the CJEU. The question is whether dynamic IP addresses constitute a personal data according to Art. 2 (a) Data Protection Directive. The case arose between an individual who is suing the Federal Republic of Germany for an injunction against the storage of its information.
- The first question is basically if an IP address, which is stored by a service provider in context of accessing a website, constitutes a personal data despite the fact that only a third party with its additional knowledge can identify said person.
- By the second question, BGH is trying to see if Art. 15(1) of the Telemedia Act is compliant with the Data Protection Directive, especially its Art. 7. This provision reads as follows:
Art. 15(1) TMG: The service provider may collect and use the personal data of a recipient of a service only to the extent necessary to enable and invoice the use of telemedia (data on usage).
Article 2 (a) defines ‘personal data’ as “any information relating to an identified or identifiable natural person (‘data subject’); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity;”
Very interesting. We in the United States are eagerly awaiting this decision, so we can better determine how careful US companies wishing to adhere to the EU / US Data Privacy Safe Harbor must be with regards to IP Addresses. Any insights on where one might find English language updates on the progress of this case?